I built a self-hosted sFlow/NetFlow analytics console with per-IP DDoS alerting — runs on a single VPS
Posted by Best_Replacement7746@reddit | sysadmin
Hey r/sysadmin,
I've been running a small ISP/datacenter network and got tired of paying for cloud flow analytics tools or wrestling with full ELK/ntopng setups just to answer "what's eating my bandwidth right now?" So I built something focused.
NetScope Console — https://netscope.io.vn/
It's a self-hosted network flow monitoring system built specifically for people who want visibility into their traffic without shipping data to a third party.
What it does:
- Collects sFlow v5 and NetFlow v5 from your routers/switches (UDP :6343 and :2055)
- Aggregates into 5-second bins — near real-time, not the 5-minute averages you get from most tools
- Stores time-series in InfluxDB (local, your server)
- GeoIP + ASN classification via MaxMind — instantly see if that spike is Google, Cloudflare, or some sketchy ASN
- IP Zone hierarchy — organize your address space into named zones (domestic vs. international, per-customer blocks, etc.) with LPM matching for both IPv4 and IPv6
- Per-IP threshold alerting with configurable rollup mode (mean over window vs. top-N bins), sustained duration, and cooldown. Each alert fires with top-5 offending IPs and protocol breakdown directly in the Telegram message — you know who's doing it before you open the dashboard
- Flow archive — raw flow records stored in compressed rotating files per sensor, so you can replay exactly what happened after an incident instead of just seeing aggregated charts
- Drag-and-drop dashboard — layout saves per user, charts auto-adjust resolution when zooming out (5s → 1min → 1hr per point)
- API keys with read/write/admin roles and per-key rate limits — connect Grafana or scripts without sharing your login
Stack: Go binary + MariaDB + InfluxDB. Single install script on Debian 12:
```bash
bash <(curl -sSL https://mirror-sensor.wppanel.io.vn/install.sh) -d yourdomain.com
```
That sets up MariaDB, InfluxDB, Nginx with TLS, and systemd services automatically. Updates can be applied from the UI without touching the CLI.
Who it's for: ISPs, hosters, or network engineers who run their own routers and want per-IP visibility into bandwidth usage and anomalies without a cloud subscription or a 3-rack Elastic cluster.
What it's not: It doesn't do deep packet inspection or NetFlow v9/IPFIX (yet). If you need full flow enrichment with BGP communities or SNMP polling, this isn't it.
On licensing: The system comes with a 15-day trial out of the box — no signup, no credit card, just install and go. I'm currently in early feedback mode, so if your trial runs out and you want to keep using it, just email me at tuananhchorme@gmail.com and I'll send you a key. No catch, I just want real-world usage and honest feedback at this stage.
Curious what the community thinks — especially whether 5s granularity is useful in practice, or if you're fine with 1-minute resolution for most use cases.
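The per-IP threshold alerting listed in the post (rollup over a window of 5-second bins, sustained duration, cooldown) can be sketched as follows. This is an added example, not NetScope's code: the `Rule` type, its field names, and the reading of "top-N bins" as the mean of the N highest bins in the window are assumptions, and the series is constructed.

```go
package main

import (
	"fmt"
	"sort"
)

type Rule struct { // hypothetical per-IP rule; Window, Sustain, Cooldown count 5-second bins
	ThresholdBps              float64
	Window, Sustain, Cooldown int
	TopN                      int // 0: mean over window; N>0: mean of the N highest bins (assumed meaning)
}

// Rollup reduces one window of bins to a single value using the rule's rollup mode.
func (r Rule) Rollup(bins []float64) float64 {
	w := append([]float64(nil), bins...) // copy so sorting leaves the caller's series intact
	if r.TopN > 0 && r.TopN < len(w) {
		sort.Sort(sort.Reverse(sort.Float64Slice(w)))
		w = w[:r.TopN]
	}
	sum := 0.0
	for _, v := range w {
		sum += v
	}
	return sum / float64(len(w))
}

// Evaluate replays one IP's series and returns the bin indexes at which an alert fires.
func (r Rule) Evaluate(series []float64) (fired []int) {
	over, quietUntil := 0, 0
	for i := r.Window - 1; i < len(series); i++ {
		if r.Rollup(series[i-r.Window+1:i+1]) > r.ThresholdBps {
			over++ // one more consecutive evaluation above threshold
		} else {
			over = 0
		}
		if over >= r.Sustain && i >= quietUntil {
			fired = append(fired, i)
			over, quietUntil = 0, i+r.Cooldown // restart the streak, silence for Cooldown bins
		}
	}
	return fired
}

func main() {
	s := []float64{1, 1, 1, 90, 1, 1, 1, 1, 80, 85, 90, 95, 90, 92, 94, 96, 91, 93} // constructed
	mean := Rule{ThresholdBps: 50, Window: 4, Sustain: 3, Cooldown: 4}
	top1 := Rule{ThresholdBps: 50, Window: 4, Sustain: 3, Cooldown: 4, TopN: 1}
	fmt.Println(mean.Evaluate(s), top1.Evaluate(s)) // [12 16] [5 10 14]
}
```

On this series the mean rollup ignores the one-bin burst at index 3, while the top-1 rollup fires on it because the burst stays inside the 4-bin window for three consecutive evaluations.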
bageloid@reddit
Netskope would like to have a word with your legal team.